Insider Threats: The Signs You Won’t See Till You Do!

Insider threats are threats carried out by employees, and they are becoming more common. According to CA Technologies, 31% of organizations believe that insider threats cause more damage, compared with 14% who believe the damage from external threats is more acute [1]. Yet most employers do not keep a close eye on their staff. Employees in the higher cadre are questioned and monitored less than middle- and lower-level management staff.

CA Technologies has conducted real-time research on insider threats and has revealed interesting facts about this malicious or negligent attack. A few of the key findings are as follows [1]:

The most crucial problem with an insider threat is the difficulty of locating the intruder as well as the intrusion. When you doubt your own employees, they may lose trust in you. An insider can be a full-time employee, freelancer, consultant, or contractor working on a specific task. It can be anyone who has a connection with the organization, either direct or indirect.

According to Ponemon’s research, if the incident involved a negligent employee or contractor, companies spent an average of $283,281 as a total cost to identify the threat. The average cost more than doubles if the incident involved an imposter or thief who steals credentials ($648,845). Hackers cost the organizations represented in this research an average of $607,745 per incident [3].

5 Ways Insiders Become Threats and How to Deal with Them

Basically, there are three primary threat actors: malicious, negligent, and complacent. An insider threat is the potential for an insider to harm an organization by leveraging his or her privileged level of knowledge and/or access. An insider threat is not necessarily driven by malicious intent: it may also involve an individual who is complacent or negligent toward security policies and procedures. Broadly, insider threats are divided into the following five categories:

Reduction in productivity, isolation from colleagues and managers, and agitated mood

Augment security training using technological measures; explain that privileged access will be assigned on a need-to-know basis; use DLP to prevent data loss

The leaver

Negligence of technical team, ineffective exit formalities

Employee joining a competitor, over-friendly with existing employees even after leaving, starting a business similar to yours

Ensure removal of access immediately after leaving, including for freelancers and business partners or their employees

The poacher

Loss of intellectual property

Spending extra hours on work before leaving. Difficult to find as they are backed by competitors

Change all the access credentials of crucial project details or intellectual property details, especially when a senior employee leaves

Unintentionally

Lack of security awareness, ignorance, or naivety

Mostly active on social media networks, access personal accounts from the office network

Block personal usage of official IT infrastructure, behavioral training to employees on social engineering attacks, stress on good cyber hygiene and diligence

Second income source

Exploiting company’s resources, accessing data, and making it vulnerable

Hard to locate; they appear to be productive, but the end result will be less

Technologies such as SIEM and data loss prevention measures can mitigate the impact
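
One way to check the leaver and poacher mitigations above (access removed on departure, shared credentials changed afterwards), as an added example that is not from the original article. The record layouts, account names, secret names and dates are constructed assumptions standing in for an HR offboarding list, a directory export and a credential inventory.

```python
from datetime import date

# Constructed sample data: HR/vendor offboarding records (not from the article).
LEAVERS = [
    {"user": "asmith", "type": "employee", "left": date(2024, 3, 1)},
    {"user": "fl-jdoe", "type": "freelancer", "left": date(2024, 3, 10)},
    {"user": "px-mlee", "type": "partner", "left": date(2024, 2, 20)},
]
# Constructed export from an identity directory.
ACCOUNTS = {
    "asmith": {"enabled": False, "last_login": date(2024, 2, 29)},
    "fl-jdoe": {"enabled": True, "last_login": date(2024, 3, 15)},
    "px-mlee": {"enabled": True, "last_login": date(2024, 2, 18)},
    "bwong": {"enabled": True, "last_login": date(2024, 3, 20)},
}
# Constructed inventory of shared credentials: who knew them, when last rotated.
SHARED_SECRETS = [
    {"name": "design-repo-deploy-key", "holders": {"asmith", "bwong"},
     "rotated": date(2024, 1, 5)},
    {"name": "crm-service-password", "holders": {"px-mlee"},
     "rotated": date(2024, 2, 25)},
]

def audit_offboarding(leavers, accounts, secrets):
    """Return sorted (subject, issue) findings for incomplete offboarding."""
    findings = []
    for rec in leavers:
        acct = accounts.get(rec["user"])
        if acct is None:
            continue  # no account in the directory: nothing to revoke
        if acct["enabled"]:
            findings.append((rec["user"], "account still enabled"))
        if acct["last_login"] and acct["last_login"] > rec["left"]:
            findings.append((rec["user"], "login after departure"))
        for s in secrets:
            # A secret known to a leaver must be rotated after they left.
            if rec["user"] in s["holders"] and s["rotated"] <= rec["left"]:
                findings.append((s["name"], f"not rotated since {rec['user']} left"))
    return sorted(findings)

if __name__ == "__main__":
    for subject, issue in audit_offboarding(LEAVERS, ACCOUNTS, SHARED_SECRETS):
        print(f"{subject}: {issue}")
```

Run on a schedule against real exports, the same comparison catches freelancer and partner accounts that an employee-only exit checklist would miss.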

Want to Understand How to Identify Insider Threats and Suggest Strategies to Combat Them in the Long Run?

Join the Certified Ethical Hacker program from EC-Council. Certified Ethical Hacker (C|EH) is aimed at mastering the ethical hacking methodology that can be used in a situation where you are involved in ethical hacking or penetration testing. C|EH is a credential that gives you the confidence of learning the required ethical hacking skills that are highly in demand. The course comprises 20 of the most security domains along with 340 attack technologies. Modules of the C|EH train you in the five phases of ethical hacking beginning with reconnaissance, gaining access, enumeration, retaining access, and covering your tracks. The recent version 10 of the C|EH curriculum also covers methods of vulnerability analysis, IoT hacking, and more. It is now mapped to the NICE Framework’s Protect and Defend specialty area. Modules of C|EH focus on emerging technologies such as cloud computing, artificial intelligence, and the latest malware analysis, along with the latest hacking tools for different operating systems.